False Sense of Security
blind spot in our mind
and
eye-opening experience
18th January, 2016
Mnemonic Security, Inc., Japa...

Blind Spot In Our Mind & Eye-Opening Experience

Biometric solutions operated with a fallback password should be called “less-than-one”-factor authentication, since they make users less safe than password-only single-factor authentication.

A false sense of security is often worse than a lack of security itself. Biometric solutions could be recommended to people who want convenience, but should not be recommended to those who need security in cyberspace.


  1. False Sense of Security: blind spot in our mind and eye-opening experience. 18th January, 2016. Mnemonic Security, Inc., Japan/UK
  2. Which model do you think is more secure? (1/3) Given information: Model A is protected by a PIN code, while Model B is protected by both a PIN code and fingerprints.
  3. Which model do you think is more secure? (2/3) Given information: Model A can be unlocked by a PIN code, while Model B can be unlocked by both a PIN code and fingerprints.
  4. Which model do you think is more secure? (3/3) Given information: Model A can be attacked only through the PIN code, while Model B can be attacked through both the PIN code and fingerprints.
  5. One Door or Two Doors. There are two houses – (1) with one door and (2) with two doors in parallel. Which is safer against burglars? The answer is (1). It is obvious to every one of us. Similarly, (1) login by a password alone is safer than (2) login by a biometric product backed up by a fallback password.
  6. (A and B) or (A or B). Biometrics could help for better security ONLY WHEN it is operated together with a password by AND/conjunction (we need to go through both of the two), NOT WHEN it is operated with a password by OR/disjunction (we need only to go through either one of the two), as in the case of most biometric products on the market. Biometrics and a password operated together by OR/disjunction only increase convenience by bringing down security. If we mix up the case of OR/disjunction with that of AND/conjunction, we are trapped in a false sense of security (we wrongly feel safer when we are actually less safe).
  7. More about “OR/Disjunction”. Biometric sensors and monitors, whether static, behavioral or electromagnetic, can theoretically be operated together with passwords in two ways: (1) by AND/conjunction or (2) by OR/disjunction. Cases of (1) are hardly known in the real world, because falsely rejected users would have to give up access altogether even if they can recall their passwords. Most biometric products are operated by (2), so that falsely rejected users can unlock the devices with their registered passwords. This means that the overall vulnerability of the product is the sum of the vulnerability of biometrics (x) and that of a password (y). The sum (x + y - xy) is necessarily larger than the vulnerability of a password (y); that is, devices with biometric sensors are less secure than devices protected by password-only authentication.
  8. Recommendations. As such, biometric solutions operated with a fallback password should be called “below-one factor authentication”, since they make users less safe than password-only single-factor authentication. A false sense of security is often worse than a lack of security itself. Biometric solutions could be recommended to people who want convenience, but should not be recommended to those who need security in cyberspace. Thank you
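
The comparison in slides 6 and 7, worked through as an added example (not part of the original slides): it evaluates the x + y - xy and xy expressions and checks them by simulation, and also counts the lockouts that slide 7 gives as the reason AND/conjunction is rarely deployed. The rates x, y and frr are constructed sample values, and the two checks are assumed to fail independently.

```python
import random

def closed_form(x, y):
    """Attacker success probability per policy, assuming independent checks."""
    return {
        "password_only": y,
        "bio_OR_password": x + y - x * y,   # two doors in parallel
        "bio_AND_password": x * y,          # two doors in series
    }

def simulate(x, y, frr, trials=200_000, seed=1):
    """Monte Carlo check of the same three policies.

    x   : chance an attacker defeats the biometric check (constructed value)
    y   : chance an attacker defeats the password (constructed value)
    frr : chance the biometric falsely rejects the legitimate user, who is
          assumed to always recall the password
    """
    rng = random.Random(seed)
    breaches = dict.fromkeys(closed_form(x, y), 0)
    lockouts = dict.fromkeys(breaches, 0)
    for _ in range(trials):
        bio_beaten = rng.random() < x
        pw_beaten = rng.random() < y
        rejected = rng.random() < frr
        breaches["password_only"] += pw_beaten
        breaches["bio_OR_password"] += bio_beaten or pw_beaten
        breaches["bio_AND_password"] += bio_beaten and pw_beaten
        # Only the AND policy lets a false rejection block the real user.
        lockouts["bio_AND_password"] += rejected
    return ({k: v / trials for k, v in breaches.items()},
            {k: v / trials for k, v in lockouts.items()})

if __name__ == "__main__":
    x, y, frr = 0.02, 0.05, 0.03   # constructed sample rates
    exact = closed_form(x, y)
    breach, lockout = simulate(x, y, frr)
    for policy in exact:
        print(f"{policy:17} exact={exact[policy]:.4f} "
              f"simulated={breach[policy]:.4f} lockout={lockout[policy]:.4f}")
```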
